Raise an error on including invalid query string parameter(s) in read operations

Jafer Khan 2020-03-31 02:20:05 +05:00 committed by James Agnew
parent 7f2605def1
commit 0021561fb1
3 changed files with 22 additions and 1 deletions


@ -149,6 +149,8 @@ public class Constants {
*/
public static final String PARAM_BUNDLETYPE = "_bundletype";
public static final String PARAM_FILTER = "_filter";
public static final String PARAM_CONTAINED = "_contained";
public static final String PARAM_CONTAINED_TYPE = "_containedType";
public static final String PARAM_CONTENT = "_content";
public static final String PARAM_COUNT = "_count";
public static final String PARAM_DELETE = "_delete";


@ -36,6 +36,8 @@ ca.uhn.fhir.rest.server.method.IncludeParameter.orIncludeInRequest='OR' query pa
ca.uhn.fhir.rest.server.method.PageMethodBinding.unknownSearchId=Search ID "{0}" does not exist and may have expired
ca.uhn.fhir.rest.server.method.ReadMethodBinding.invalidParamsInRequest=Invalid query parameter(s) for this request: "{0}"
ca.uhn.fhir.rest.server.method.SearchMethodBinding.invalidSpecialParamName=Method [{0}] in provider [{1}] contains search parameter annotated to use name [{2}] - This name is reserved according to the FHIR specification and can not be used as a search parameter name.
ca.uhn.fhir.rest.server.method.SearchMethodBinding.idWithoutCompartment=Method [{0}] in provider [{1}] has an @IdParam parameter. This is only allowable for compartment search (e.g. @Search(compartment="foo") )
ca.uhn.fhir.rest.server.method.SearchMethodBinding.idNullForCompartmentSearch=ID parameter can not be null or empty for compartment search


@ -51,6 +51,7 @@ import java.lang.reflect.Method;
import java.util.ArrayList;
import java.util.Date;
import java.util.List;
import java.util.Set;
import static org.apache.commons.lang3.StringUtils.isNotBlank;
@ -153,6 +154,22 @@ public class ReadMethodBinding extends BaseResourceReturningMethodBinding {
@Override
public IBundleProvider invokeServer(IRestfulServer<?> theServer, RequestDetails theRequest, Object[] theMethodParams) throws InvalidRequestException, InternalErrorException {
IIdType requestId = theRequest.getId();
FhirContext ctx = theRequest.getServer().getFhirContext();
String[] invalidQueryStringParams = new String[]{Constants.PARAM_CONTAINED, Constants.PARAM_COUNT, Constants.PARAM_INCLUDE, Constants.PARAM_REVINCLUDE, Constants.PARAM_SORT, Constants.PARAM_SEARCH_TOTAL_MODE};
List<String> invalidQueryStringParamsInRequest = new ArrayList<>();
Set<String> queryStringParamsInRequest = theRequest.getParameters().keySet();
for (String queryStringParamName : queryStringParamsInRequest) {
String lowercaseQueryStringParamName = queryStringParamName.toLowerCase();
if (StringUtils.startsWithAny(lowercaseQueryStringParamName, invalidQueryStringParams)) {
invalidQueryStringParamsInRequest.add(queryStringParamName);
}
}
if (!invalidQueryStringParamsInRequest.isEmpty()) {
throw new InvalidRequestException(ctx.getLocalizer().getMessage(ReadMethodBinding.class, "invalidParamsInRequest", invalidQueryStringParamsInRequest));
}
theMethodParams[myIdIndex] = ParameterUtil.convertIdToType(requestId, myIdParameterType);
@ -201,7 +218,7 @@ public class ReadMethodBinding extends BaseResourceReturningMethodBinding {
}
} // if we have at least 1 result
return retVal;
}
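Review bot: In the `invokeServer` hunk, the names collected in `invalidQueryStringParamsInRequest` are taken verbatim from the request and interpolated into the `InvalidRequestException` message, so client-chosen text is echoed into the error response and probably into logs. Whether that text is escaped or length-limited further down is not visible here, so it is worth confirming, or reporting only the reserved name that matched instead of the raw key. The match also relies on `queryStringParamName.toLowerCase()`, which uses the JVM default locale (under a Turkish locale `_INCLUDE` does not lower-case to `_include`); `queryStringParamName.toLowerCase(Locale.ROOT)`, with a `java.util.Locale` import, makes the check deterministic. The `invalidQueryStringParams` array is rebuilt on every call and could be a `private static final String[]` with a comment stating that it is a prefix deny-list, so `_contained` also rejects `_containedType`. The body of `invokeServer` continues outside the hunk.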